DETAILED ACTION 

This office action is in response to the application filed October 3, 2006. Claims 29-52 
are pending. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 29-52 are rejected under 35 U.S.C. 102(e) as being anticipated by Thibadeau U.S. 
Patent 7,036,020. 

1. Regarding Claim 29, Thibadeau teaches and describes a security system for securing 
access to an operating system of a computer having a host central processing unit (CPU), 
computer memory means used by the host CPU to load programs in order to operate the 
computer, and a storage device for storing data to be used by the computer, the security system 
comprising: a security partition formed in the storage device, the operating system being stored 
in the security partition; and blocking means for selectively blocking data access between the 
host CPU and the security partition (Fig. 1-4, col.4 line 37 to col.6 line 16). 

2. Regarding Claim 42, Thibadeau teaches and describes a method for securing access to an 
operating system of a computer, the computer having a host central processing unit (CPU), a 
storage device for storing data to be used by the computer, and memory used by the host CPU to 
load programs in order to operate the computer and storage device, the method comprising: 
forming a security partition in the storage device; storing the operating system in the security 
partition; and selectively blocking access between the host CPU and the security partition 
(Fig. 1-4, col.4 line 37 to col.6 line 16). 

3. Claims 30-41 and 43-52 are rejected as applied above in rejecting Claims 29 and 42. 
Furthermore, the system of Thibadeau teaches and describes a system and method for securing 
access to an operating system of a computer, wherein: 

As per Claim 30, each user of the computer has an associated access profile, each access 
profile comprising information indicative of the level of access to portions of the storage device 
permitted by a user, and the blocking means controlling access to the storage device by a user in 
accordance with the access profile associated with the user (col. 6 line 55 to col. 8 line 35). 

As per Claim 31, the security system is arranged such that at least two different data 
access profiles are defined; one access profile ascribing read and write access to said security 
partition, and the other access profile not ascribing write access to said security partition (col. 6 
line 55 to col.8 line 35). 

As per Claim 32, said blocking means is independent and separately configurable of said 
host CPU (col.4 line 37 to col.6 line 16). 

As per Claim 33, during operation of the operating system the security system is arranged 
to divert and write operating system files to a location different to the security partition so that 
normal operation of the operating system continues even though operating system files in the 
secure partition have not been updated (col.5 line 25 to col.6 line 16). 

As per Claim 34, the security system is arranged to divert and write operating system 
files to a flash ROM (Fig. 1-4, col.4 line 37 to col.5 line 50). 

As per Claim 35, the security system is arranged to divert and write operating system 
files to an invisible partition formed in the storage device (col.5 line 15 to col.6 line 16). 

As per Claim 36, further comprising authentication means for authenticating a user of the 
computer and associating the user with a prescribed access profile, said blocking means 
controlling subsequent access to the security partition in accordance with the access profile 
associated with the user (col. 6 line 55 to col.8 line 35). 

As per Claim 37, said blocking means includes processing means for controlling 
operation of said blocking means (col.5 line 25 to col.6 line 16). 

As per Claim 38, said blocking means is configured to block all access by the host CPU 
to the storage device before initialisation of the security system, and to selectively permit access 
immediately after said initialisation in accordance with a respective access profile (col. 6 line 55 
to col.8 line 35). 

As per Claim 39, said authentication means enables a software boot of the computer to be 
effected only after correct authentication of a user, and said security system permits normal 
loading of the operating system during the start up sequence of the computer following said 
software boot (col.6 line 55 to col.8 line 35). 

As per Claim 40, said blocking means is physically disposed in line with the data access 
channel between the host CPU and the storage device (col.4 line 37 to col.6 line 16). 

As per Claim 41, said blocking means is disposed as part of a bridging circuit (Fig. 1-4, 
and col.4 line 37 to col.6 line 16). 

As per Claim 43, further comprising associating each user with an access profile 
comprising information indicative of the level of access to portions of the storage device 
permitted by a user; and for each user, selectively blocking access between the host CPU and the 
security partition in accordance with the access profile defined for the user (col.5 line 25 to col.6 
line 16). 

As per Claim 44, further comprising defining at least two different access profiles, one 
access profile ascribing read and write access to data stored on said security partition, and the 
other access profile not ascribing write access to said security partition (col. 6 line 55 to col.8 
line 35). 

As per Claim 45, further comprising authenticating a user of the computer, and 
associating the user with an access profile after successful user authentication (col.5 line 15 to 
col.6 line 16). 

As per Claim 46, said selective blocking comprises controlling access between the host 
CPU and the security partition independently of the host CPU (col.4 line 37 to col.6 line 16). 

As per Claim 47, said selective blocking comprises totally blocking access to the storage 
device by the host CPU during initialisation of the computer, and intercepting all said access 
immediately after said initialisation and before loading of the operating system of the computer 
(col.6 line 55 to col.8 line 35). 

As per Claim 48, including performing a software boot of the computer only after correct 
authentication of the user, and allowing normal loading of the operating system during the start 
up sequence of the computer after said software boot (col. 6 line 55 to col.8 line 35). 

As per Claim 49, further comprising diverting and writing operating system files to a 
location different to the security partition during operation of the operating system so that normal 
operation of the operating system continues even though operating system files in the secure 
partition have not been updated (col. 5 line 25 to col.6 line 16). 

As per Claim 50, the operating system files are diverted and written to a flash ROM 
(Fig. 1-4, col.4 line 37 to col.5 line 50). 

As per Claim 51, the operating system files are diverted and written to an invisible 
partition formed in the storage device (Fig. 1-4, col.4 line 37 to col.6 line 16). 

As per Claim 52, including unalterably storing computer programs for effecting said 
controlling access in a location separate from the memory and not addressable by the host CPU 
(Fig. 1-4, and col.4 line 37 to col.6 line 16). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

sz 

March 23, 2009 
/Syed Zia/ 

Primary Examiner, Art Unit 2431 



